Kaspersky Uncovers 'Red October' Cyber Attack On Eastern Europe

By Khurram Aziz email: k.aziz@mobilenapps.com | Jan 15, 2013 11:44 AM EST


Russian antivirus firm Kaspersky Lab claims to have found a cyber attack that may have been stealing confidential government documents since 2007, mostly from Eastern Europe and Central Asia, but also from Western Europe and North America.

The malware, which the company is calling "Red October" after the 1990 Tom Clancy espionage thriller, targeted government institutions such as embassies, nuclear research centers and oil and gas institutes.

Kaspersky is publishing the entire research that led to the discovery of the cyber attack on its Web site.

"During the past five years, a high-level cyber-espionage campaign has successfully infiltrated computer networks at diplomatic, governmental and scientific research organizations, gathering data and intelligence from mobile devices, computer systems and network equipment," it reads.

"The campaign, identified as 'Rocra', short for 'Red October', is currently still active with data being sent to multiple command-and-control servers, through a configuration which rivals in complexity the infrastructure of the Flame malware. Registration data used for the purchase of C&C domain names and PE timestamps from collected executables suggest that these attacks date as far back as May 2007."

Kaspersky said it found several Russian words embedded in the malware's code, suggesting the attackers are of Russian-speaking origin. Words such as "Zakladka" appear in the malware; in Russian and Polish, the word can mean "bookmark" or, in slang, "undeclared functionality".

However, Vitaly Kamluk, chief malware analyst at Kaspersky Lab, told TechWeekEurope there was no "strict evidence" a nation state was behind the attack. It was, nevertheless, one of the most targeted campaigns seen to date.

"In Red October, the attackers seem to be hunting for specific organisations. They are interested in high-quality, high-profile information," Kamluk told TechWeekEurope. "That explains why the number of infected machines is so low - just over 300 machines... but every target was specifically selected. What makes this attack different from Flame and others is that every attack was planned very carefully.

"They shaped every attack attempt very carefully, and even created specific modules for targets. Not all the targets received the same binaries.

"Inside the malware, you can find a user ID, which actually shows it is a specific piece of malware compiled for a specific [target]."

Kaspersky said that it named the virus Red October because it was first brought to its attention in October 2012 after a tipoff from an anonymous source. The antivirus firm intends to publish the full report into the spy campaign later this week on its Web site.

© 2013 Mobile & Apps All rights reserved. Do not reproduce without permission.
